Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.

Worries over ransomware and malware are slowing down enterprise IoT deployments, which is a reflection of the reputational and customer relationship risks at stake, according to a new survey. Here's what enterprises need to keep in mind when selecting security technology for IoT.

A federal judge has ordered Capital One to turn over a forensics report covering its 2019 data breach, which has been sought by plaintiffs in a class action lawsuit. The report, if it becomes public, could shed light on one of last year's biggest breaches.

Last week, security researcher Bill Demirkapi said that Trend Micro used a trick to get one of its drivers to pass Microsoft's approval process. Trend Micro has withdrawn the driver and says it's working with Microsoft on incompatibility issues that are unrelated to the researcher's findings.

Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository.

Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.

Covve Visual Network Ltd., a Cyprus-based app developer, acknowledges that it's the owner of 90GB of data - including tens of millions of records - that apparently was left exposed on an open Elasticsearch database. A portion of the data was posted on a forum for trading data leaks.

Australia's Parliament passed a new law on Thursday to deal with a range of legal and privacy concerns arising from its quickly developed contact-tracing app, COVIDSafe. Misusing data and other offenses could garner a five-year prison sentence.

If an organization fails to stop a ransomware attack, how does it recover the data? Backups, of course, are essential. But Peter Marelas of Dell Technologies says organizations should have a well-developed strategy for backups because attackers are increasingly targeting those systems as well.

Australian shipping giant Toll Group has vowed to again not pay a ransom after suffering its second ransomware attack of the year. In the latest incident, however, the company warns that attackers also stole corporate data - and it may get leaked.

New research shows it's possible to unlock a password-protected Windows computer in about five minutes by exploiting vulnerabilities in Intel's Thunderbolt hardware controller. The vulnerabilities add to a growing list of issues around Thunderbolt, which is used for connecting peripherals.

Anubis, one of the most potent Android botnets, apparently is getting a refresh a year after its source code was leaked, security researchers say. The changes could help fraudsters more closely monitor activity on hacked devices.

Even in the best of economic circumstances, enterprises face risks of insiders stealing data or selling access to systems. But Joseph Blankenship of Forrester says the possibility of layoffs due to the COVID-19 pandemic puts enterprises at more risk of insider threats.

Gamers are poring over a massive leak of Nintendo data, including source code for older gaming systems, prototypes of games and extensive software and hardware documentation. The data likely dates from a 2018 network intrusion at Nintendo.

Researchers are seeing a spike in opportunism by fraudsters and cybercriminals seeking to profit from the COVID-19 crisis. Underground online markets are offering a range of pandemic-related goods, from face masks to fraudulent vaccines.

What should an enterprise do when someone reaches out and claims to have the company's data or information about a breach? Although it can be a delicate situation to manage, there are sound approaches enterprises can take, says data breach expert Troy Hunt.

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.